[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Xen ARM - Exposing a PL011 to the guest

To: Xen Devel <xen-devel@xxxxxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>
From: Julien Grall <julien.grall@xxxxxxx>
Date: Wed, 30 Nov 2016 15:29:32 +0000
Cc: Bhupinder Thakur <bhupinder.thakur@xxxxxxxxxx>, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Christoffer Dall <christoffer.dall@xxxxxxxxxx>, Steve Capper <Steve.Capper@xxxxxxx>
Delivery-date: Wed, 30 Nov 2016 15:29:50 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

Hi all,

Few months ago, Linaro has published the version 2 of the VMspecification [1].

For those who don't know, the specification provides guidelines toguarantee a compliant OS images could run on various hypervisor (e.gXen, KVM).

Looking at the specification, it will require Xen to expose new devicesto the guest: pl011, rtc, persistent flash (for UEFI variables).

The RTC and persistent will only be used by the UEFI firwmare. Thefirwmare is custom made for Xen guest and be loaded by the toolstack, sowe could theoretically provide PV drivers for those.

This is not the case for the PL011. The guest will be shipped with aPL011/SBSA UART driver,.This means it will expect to access it through MMIO.

So we have to emulate a PL011. The question is where? Before suggestingsome ideas, the guest/user will expect to be able to interact with theconsole through the UART. This means that the UART and xenconsoled needsto communicate together.


I think we can distinct two places where the PL011 could be emulated:
in the hypervisor, or outside the hypervisor.

Emulating the UART in the hypervisor means that we take the risk toincrease to the attack surface of Xen if there is a bug in the emulationcode. The attack surface could be reduced by emulating the UART inanother exception level (e.g EL1, EL0) but still under the control ofthe hypervisor. Usually the guest is communicating between withxenconsoled using a ring. For the first console this could be discoveredusing hypercall HVMOP_get_param. For the second and onwards, itdescribed in xenstore. I would not worry too much about emulatingmultiple PL011s, so we could implement the PV frontend in Xen.

Emulating the UART outside the hypervisor (e.g in DOM0 or specialdomain) would require to bring the concept of ioreq server on ARM. Whichleft the question where do we emulate the PL011? The best place would bexenconsoled. But I am not sure how would be the security impact here.Does all guest consoles are emulated within the same daemon?

I would lean towards the first solution if we implement all the securitysafety I mentioned. Although, the second solution would be a good moveif we decide to implement more devices (e.g RTC, pflash) in the future.


Do you have any opinions?

Cheers,

[1]http://people.linaro.org/~christoffer.dall/VMSystemSpecificationForARM-v2.0-rc1.pdf


--
Julien Grall

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] Xen ARM - Exposing a PL011 to the guest
  - From: Stefano Stabellini
- Re: [Xen-devel] Xen ARM - Exposing a PL011 to the guest
  - From: Volodymyr Babchuk
- Re: [Xen-devel] Xen ARM - Exposing a PL011 to the guest
  - From: Christoffer Dall

Prev by Date: Re: [Xen-devel] [PATCH v3 07/24] x86/emul: Clean up the naming of the retire union
Next by Date: Re: [Xen-devel] [PATCH v3.1 15/15] xen/x86: setup PVHv2 Dom0 ACPI tables
Previous by thread: [Xen-devel] [OSSTEST PATCH 1/2] Executive database: set isolation level in Perl
Next by thread: Re: [Xen-devel] Xen ARM - Exposing a PL011 to the guest
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.